View Full Version : MIMO OK, internal scanning not performed, anyhow 3rd party solutions find infection
May 10th, 2012, 04:30 PM
It is about my NOD32 AV installation
On PC i have some mbox files (generated and used by Mozilla Thunderbird).
In the same mail client there are several e-mails.
Some of them are very old, other quite new.
Recently I started a virus scan of all partitions.
For this scan I didn't use the installed nod32 av but
3rd party solution (bitdefender, kaspersky, other).
These scan was started from live-CD, ubuntu based.
Bitdefender and kaspersky hit alarms for these mbox files.
All the nod32 av can say when scanning them is
"MIME OK, internal scanning not performed", regardless of if to scan
the mbox file or just the affected mail message exported to eml file.
Also several items on virustotal hit alarm for these files.
VERY FRUSTRATING it is.
How many other infections on my partitions stay uncovered due to this approach of nod32 av?
May 11th, 2012, 12:19 AM
"internal scanning not performed" means that you have scanning archives or email files disabled so the emails in the MBOX file were not scanned.
May 11th, 2012, 05:50 PM
EAV 18.104.22.168 is in use.
Always when I am performing on-demand scan I do it from contextual menu
of file to be scanned. Never from EAV gui (computer scan).
Problems reported here occur while scanning eml and/or mbox files from
windows explorer contextual menu for file to be scanned.
Therefore I think the option "scan mails" is not relevant here.
Please correct me if I am wrong.
Help and advanced settings dialog present following modules
- real-time protection
- document protection
- computer scan
- startup scan
- web and email
If to study eav help I get the impression that in setup section "computer scan" the scans triggered from eav GUI window only are addressed.
Not the scans started from context. menu of file to be scanned.
In all modules where it is possible, except for startup protect.
module, scanning emails option is and was enabled. The same applies to archives.
Now after your hint, I double checked these settings and tried to scan these
files once again. This time by invoking the scan from eav gui window - custom computer scan.
The scan report claims "OK", string "internal scanning not performed" is not produced this time.
Currently the scans started from gui - custom comp. scan - seem to perform internal check
because the warning about lack of such is missing.
But if to again start scan from context menu the results are still as described in initial mail - internal scanning not performed.
So, there are discrepancies between results of on-demand scan started from gui and from scan object's context. menu.
This would confirm my observation regarding relevance of computer scan setup section, see above.
The fact that custom computer scan started for these files from gui does
not hit any alarm and bitdefender hits such is a different story.
I don't want to discuss this now.
1. Where to find setup for on-demand scan started from scan object's
In setup dialog for computer scan one has a list of choises - scan profiles.
However I am not able to find a place where these profiles can be adapted
to own needs.
2. Are they hard-coded? I guess in previous versions they where
May 12th, 2012, 12:30 AM
To customize context menu scan profile, open the main GUI, navigate to Computer scan -> Computer scan setup, select "Context menu scan" from the profile list and then open the ThreatSense engine setup by clicking the Setup button.
May 13th, 2012, 11:27 AM
ESET plug-in for Mozilla Thunderbird is not functional since several versions -
disabled by Thunderbird due to issues of incompatibility.
So the on-the-fly scan of mails is not possible at all.
Yes, the profile used by context.-menu on-demand scan is available
wizard for custom scan - the eav gui. I think it is not optimal, the placement,
because users interested only in adapting this profile will find it not until they attempt to perform custom computer scan. And the place where list of profiles can be changed is yet one different - bad concept.
Indeed, now I can see the details of on-demand scans profiles started from
context. menu. It is indeed a separate profile than that one used for
on-demand scan, computer scan or quick scan. Mails, archives, maybe some
others were not selected in this profile indeed. That's the reason why my eav
did always skip internal check.
After had enabled emails and all other types, the scan report does not report
"MIMO OK, internal check not performed" anymore. However, it does not also say anything. Just a blank result window. On-demand scan started from gui
says "OK" for these files. Must be this discrepancy?
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums